TEL AVIV, Israel, September 8, 2021 / PRNewswire / – Cybellum, a leader in product safety lifecycle management and the Automotive Security Research Group (ASRG) today released a report outlining the results of a joint survey of key global OEMs and Tier 1-2 suppliers, to assess how the automotive industry is currently handling vulnerability management.
“With the implementation of UNECE WP.29 R155 which is fast approaching in Japan, South Korea and the EU, and ISO / SAE 21434 has just been officially released, it is worrying that around 30% of respondents have not started to prepare for these new cybersecurity requirements and that only 6% are fully prepared ”, declared John heldreth, founder of ASRG. “From 2022, automotive cybersecurity will no longer be a good practice, but rather an obligation and an application – the industry must change gears and prepare for this new era. “
According to the report, automotive players are not ready for upcoming regulations and are lagging behind IT security practices in their organization. Some of the main findings include:
- 63% of respondents did not automate any aspect of their vulnerability management process
- 65% consider the timely assessment of new vulnerabilities to be a growing challenge
- 43% say manual processes are the reason for lengthy security assessments, while 42% cite lack of coordination across the supply chain as a barrier to timely assessments.
- 74% favor vulnerability management solutions that automate continuous post-production monitoring
- Only 6% are fully ready for the next UNECE WP.29 R155 regulation
“The continuing increase in automotive cyber risk and the regulatory requirements developed in response require the automotive industry – whose core operations have not changed much in recent decades – to rethink its approach to managing vulnerabilities.” , noted Slava bronfman, CEO of Cybellum. “Manual processes deemed sufficient in the past will not be sufficient. The survey shows that this is a major concern for OEMs and their suppliers. . “
The Cybellum / ASRG report covers a wide range of issues related to automotive cybersecurity and vulnerability management, from current levels of regulatory readiness to average time to fix vulnerabilities to vulnerability management use cases. .
A full copy of the free report is available for download via the Cybellum website – here.
The Automotive Security Research Group (ASRG) is a non-profit organization focused on advancing the automotive safety industry. Through knowledge, networking and collaboration, we empower the global community of over 8,000 members across 44 locations to create safer products by developing automotive safety skills. To get more involved, have an impact on the industry, participate in a technical committee or be part of a project, please contact us. You can find out more about ASRG at www.asrg.io, or email us at [email protected].
Cybellum enables automotive OEMs and suppliers to identify and correct large-scale security risks throughout the vehicle’s lifecycle. Our agentless solution scans embedded software components without needing to access their source code, exposing all cyber vulnerabilities. Manufacturers can then take immediate action to eliminate any cyber risk in the development and production process, before any damage is done, while continuously monitoring emerging threats affecting vehicles on the road. Learn more at automotive.cybellum.com or follow us on LinkedIn.
For media inquiries:
Cybellum Technologies Ltd.
+1 (415) 992-6330